VYPR

MAZ Loader – Preloader Builder

by WordPress

CVEs (1)

  • CVE-2021-24669HigNov 8, 2021
    risk 0.57cvss 8.8epss 0.01

    The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection.